[156061] in North American Network Operators' Group
Re: The End-To-End Internet (was Re: Blocking MX query)
daemon@ATHENA.MIT.EDU (Sean Harlow)
Wed Sep 5 11:49:52 2012
From: Sean Harlow <sean@seanharlow.info>
In-Reply-To: <20120905T145402Z@localhost>
Date: Wed, 5 Sep 2012 11:49:02 -0400
To: Izaac <izaac@setec.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sep 5, 2012, at 11:11, Izaac wrote:
> This is why tcp port 25 filtering is totally effective and will remain so
> forever. Definitely worth breaking basic function principles of a
> global communications network over which trillions of dollars of commerce
> occur.
Two things to note:
1. Restricting outbound port 25 is nothing new. It's been in use since
before SPF or DKIM were under development, yet it hasn't been
defeated/bypassed. Henry didn't specify whether the DKIM-valid messages
he received were forged or if they just came from a random spam domain.
If the latter, of course that's trivial for spammers to make appear
legitimate because the only goal of such systems is to verify that the
sender controls or is approved by the domain the message claims to be
from.
2. The reason port 25 blocks remain effective is that there really isn't
a bypass. If you want to spam, at some point you must establish a TCP
connection to port 25 on the destination mail server. You can either do
this from your own machines (where a good hosting provider will cut you
off in a hurry) or by using someone else's illegitimately. Servers tend
to be located in datacenters where again a good provider will take
action, so botted end-user machines are obviously a huge thing to
spammers. Eliminate the ability for the majority of those bots to make
said port 25 connections, you've now forced them into a much smaller
operating area where they're more likely to be found. The only "bypass"
is to go back to using their own machines or compromised equipment on
higher-grade connections.
---
Sean Harlow
sean@seanharlow.info
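
An added example, not part of the message above: a provider-side check of the outbound port 25 policy described in point 2, run over constructed flow records. It lists subscriber hosts attempting direct SMTP to many destinations and any direct port 25 flow the egress filter permitted. The subscriber range, relay address, threshold and record format are all assumptions made for illustration.

```python
"""Classify outbound TCP/25 flows from an access network (added example)."""
import ipaddress
from collections import defaultdict

# Assumptions for illustration: documentation address ranges, not real networks.
SUBSCRIBER_NETS = [ipaddress.ip_network("198.51.100.0/24")]   # residential pool
APPROVED_RELAYS = {ipaddress.ip_address("192.0.2.25")}        # provider's smarthost
FANOUT_THRESHOLD = 3   # distinct port-25 destinations before a host is flagged

# Constructed flow records: "src dst dport action" (action = egress filter verdict).
SAMPLE_FLOWS = """\
198.51.100.10 192.0.2.25 25 permit
198.51.100.10 192.0.2.25 587 permit
198.51.100.77 203.0.113.5 25 deny
198.51.100.77 203.0.113.6 25 deny
198.51.100.77 203.0.113.7 25 deny
198.51.100.80 203.0.113.9 25 permit
203.0.113.200 203.0.113.5 25 permit
malformed line
"""

def is_subscriber(addr):
    return any(addr in net for net in SUBSCRIBER_NETS)

def analyze(flow_text):
    """Return (likely_bots, filter_gaps) for direct-to-MX port 25 traffic."""
    dests = defaultdict(set)     # subscriber -> distinct non-relay port-25 peers
    gaps = []                    # direct port-25 flows the filter let through
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue             # skip records that do not parse
        try:
            src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
            dport = int(parts[2])
        except ValueError:
            continue
        # Only direct SMTP from the subscriber pool to something other than the relay.
        if dport != 25 or not is_subscriber(src) or dst in APPROVED_RELAYS:
            continue
        dests[src].add(dst)
        if parts[3] == "permit":
            gaps.append((str(src), str(dst)))
    bots = sorted(str(s) for s, d in dests.items() if len(d) >= FANOUT_THRESHOLD)
    return bots, gaps

if __name__ == "__main__":
    print(analyze(SAMPLE_FLOWS))
```

Denied attempts are as useful as permitted ones here: a subscriber host repeatedly hitting the filter is a candidate for cleanup, while a permitted direct flow marks a hole in the filter.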